Archive for May 2013 | Monthly archive page

American Cowboy

Your Domain Name Robbed

Irish Web Design issued a warning this week as yet another client had his preferred domain name robbed from under his nose.

highwayman stand and deliver

We were in the process of securing the preferred .ie, .net and .com domains our client had settled on. It came as a nasty surprise to discover that the rather unusual  .com domain name had been registered just days previously.

It transpired the client had been checking possible names for his new website some days previously and checked the preferred option on one of the many sites that appear at the top of Google.

There are many stories on the internet where people claim that the giant American company godaddy.com engage in this practice.

It appears that as soon as he logged out of the site automated software registered the domain name he was searching for.

The company who registered the site have no use for it, but they now own the name the client wanted.

The domain is available but first the client would need to appoint a company to negotiate for him, which is $69 to start with. Then he has to state in advance how much he is willing to pay. It is not uncommon for companies to demand thousands of Euro in order for them to hand over “your” name. If successful the ‘agent’ then adds another 10% on  top

Back in the days of the James brothers you knew you were dealing with robbing low-life bandits, but this form of robbery is corporate extortion on a massive scale.

You have no idea what the connections are between the agent, the company who registered the site and the company on whose site you first carried out the search.

The only thing you can be certain of is that you have been well and truly screwed.

The moral of the story?

Under no circumstances should you check the availability of domain names unless you know exactly what you are doing.

If you fail to heed this advice it may end up costing you thousands of Euro as you are subjected to information highway robbery.

american bandits

Your Domain Name Robbed an article by Irish Web Design

 

supermarket cctv footage

Secure your CCTV

This is an interesting article that Irish Web Design found on the BBC News Features and Analysis Section.

The subject of securing your systems from outside access applies to virtually every computer.

Those businesses with security systems that can be accessed on the web or by mobile phone should pay particular attention to how their system is secured.

cc tv camera

How to hack a nation’s infrastructure

By Mark Ward Technology correspondent, BBC News

I’m watching a live video feed of people visiting a café in London.

It’s a small, busy place and is doing a good trade in tea, coffee and cakes. That woman has dropped some money. A child is running around. Later, another customer thinks they have got the wrong change.

Nothing too gripping, you might think, except that the feed should be private, seen only by the cafe’s managers. Somebody forgot to click a box so now anyone who knows where to look can watch.

That CCTV feed is just one of many inadvertently put online. Finding them has got much easier thanks to search engines such as Shodan that scour the web for them. It catalogues hundreds every day.

“Shodan makes it easier to perform attacks that were historically difficult due to the rarity of the systems involved,” Alastair O’Neill from the Insecurety computer security research collective told the BBC. “Shodan lowers the cost of enumerating a network and looking for specific targets.”

It is not just CCTV that has been inadvertently exposed to public scrutiny. Search engines are revealing public interfaces to huge numbers of domestic, business and industrial systems.

Mr O’Neill and other researchers have found public control interfaces for heating systems, geo-thermal energy plants, building control systems and manufacturing plants.
Remote work

The most worrying examples are web-facing controls for “critical infrastructure” – water treatment systems, power plants and traffic control systems.
Industrial plant Many industrial systems are networked because they are in remote locations

“There’s a tremendous amount of stuff out there right now,” said Kyle Wilhoit, a threat researcher from Trend Micro who specialises in seeking out those exposed systems and helping them improve their defences.

Mr Wilhoit said such control systems, which often go by the name of Scada (supervisory control and data acquisition), get put online for many different reasons. Often, he said, the elements of such critical systems were in far-flung places and it was much cheaper to keep an eye on them via the internet than to send an engineer out.

It’s not just finding these systems that is a danger. Security experts are finding lots of holes in the software they run that, in the hands of a skilled attacker, can be exploited to grant unauthorised access.

“For attackers, the potential pay-off for compromising these systems is very high,” said Mr Wilhoit.

Governments are turning their attention to increasingly public vulnerabilities in such critical systems. The US Department of Homeland Security has established a computer emergency response team that deals solely with threats to industrial control systems. In the UK, government cash has been made available to help intelligence agencies and law enforcement deal with cyberthreats.
Continue reading the main story
“Start Quote

“The threat is there – it might not be biting you yet but you had better be ready for the day it does”

Jeff Parker ICSPA

A Cabinet Office spokesman said cyber-attacks were one of the “top four” threats to the UK’s national security.

“Billions of pounds are being lost to the UK economy from cybercrime each year, including from intellectual property theft and cyber-espionage,” he said. “Industry is by far the biggest victim.”

The spokesman added that government was working with industry to harden critical infrastructure against attack, and had set up a series of initiatives to share information about threats and the best way to tackle them.
Bad decisions

The number of web-facing industrial and critical systems that these search engines find is only going to grow. That could introduce a whole new problem if the work of Greg Jones from security firm Digital Assurance is any guide.

Mr Jones bought several smart electricity meters from eBay and took them apart to see how well they protected the information within them. The models he bought are the same as those likely to be used as the UK converts its relatively dumb electricity grid to a smarter alternative.

A few days of work saw Mr Jones and his colleagues extract the passwords from the small chunk of memory inside the meter.
Warning text Many of the systems found by Shodan should have a restricted audience

“They had the same credentials in them – factory default passwords.” In addition, he said, basic steps to stop people fiddling with the hardware, or at least reveal tampering, had not been taken.

The traffic the devices swapped with utilities looked like it would be easy to spoof. If smart meters are rolled out in large numbers this could mean problems as it would give any attacker a way to trick that smart grid into making some catastrophically bad decisions.

“There are some really good standards out there governing smart meters,” said Mr Jones. “Our evidence suggests that those suggestions are not being followed.”

This is despite the government body that advises on security, based at GCHQ in Cheltenham, drawing up standards for validating the security, or otherwise, of the meters. The UK was already supposed to be well on the way to making the grid smarter but the project has been delayed because of worries about the central control system.

What is clear is that critical infrastructure and industrial plant control systems are coming under more scrutiny from both attackers and defenders.

That has its upside, said Jeff Parker, one of the directors at the ICSPA, which advises governments and businesses on cyber-protection.

“Is that a benefit? If it raises awareness of vulnerabilities, then, yes, it can help,” he said. However, it might take a lot of work to harden systems and ensure they were adequately protected.

“The threat is there,” he said, “It might not be biting you yet but you had better be ready for the day it does.”

Read the original article here: http://www.bbc.co.uk/news/technology-22524274

Secure your CCTV – Irish Web Design

you tube audio tabs

Google Chrome Audio Tabs

As we are currently working on a music website we were especially interested to hear that Google Chrome are about to add an ‘audio icon’ to any tabs that are making noise.

you tube audio tabs

How often does it happen that there are a number of browsers open with multiple tabs on each and you find yourself wondering where the noise is coming from.

Once they release this feature you will be able to tell immediately which tabs have audio running.

The tabs are also designed to tell the Chrome browser which tabs have audio running.

As you may know Chrome closes tabs if it is running out of memory.

With this new feature Chrome will discard the tabs with the audio indicator active last.

So if you’re listening to something in a tab near the back of all your tabs Chrome won’t assume that it is inactive.

This function is already in the latest build of Chrome meant for developers and ‘early adopters’ but at present it’s not always stable.

Expect to see it in an update to Google Chrome in the very near future.

Google Chrome Audio Tabs – Irish Web Design

darby o gill and the little people

Tourism Ireland Website

IIA STATEMENT IN RESPONSE TO TOURISM IRELAND AWARDING CONTRACT TO LONDON BASED COMPANY

In response to the Tourism Ireland decision to spend €2.5million on the development of the new Tourism Ireland website www.Ireland.com the Irish Internet Association on behalf of its members would like to express its serious disappointment that an agency of the state have preferred to employ the services of a London web development company over an Irish one.

paddywhackery begosh begorrah

There are a number of points that need to be addressed. Firstly, as a country in a job crisis we should be doing everything in our powers to support jobs locally. On principle as well as in practice, this ethos should be of highest importance for government agencies leading by example. In this specific instance, IIA members were shortlisted for this tender and we know that domestic rates are far more competitive that those reportedly paid. In accepting that price is not the only factor and that technical merit was the other criteria used, it is worth noting that on the subjective yet technical issue of design and user experience, the general view is that there are already some basic user experience shortcomings with this site.

Secondly, we must look at the broader ramifications of this decision. The majority of global technology companies have elected Ireland as their European base given the high quality of talent here. Beyond the specifics of this particular case, the political message that this decision is sending out to the world is counter-productive and anti-jobs. On the one hand, we have the IDA and Government Ministers working to increase foreign direct investment with a strong focus on the technology industry. On the other hand, in this single decision, we have a state agency saying that it is not possible to secure high quality and good value web design and development services here.

Tourism Ireland is responsible for attracting visitors to Ireland. Holiday tourism is important but so too is business and education tourism. They are asking people to visit a vibrant and welcoming country but is it also one that is so insecure about itself, so lacking in faith in its own people that when given the choice they will partner with a foreign company rather than an Irish one? The argument that this spend represents less than 10% of its total budget for the year is reminiscent of boom years when pockets were deep. The measure of value in these straitened times should surely not be that they got it for a small % of a large amount but rather that they got it for the very best possible price and in doing so factored in the multiplier effect of keeping those jobs in Ireland and promoting the world class standards that exist within our country.

Tourism Ireland’s new website was designed by Hugo and Cat — a creative agency for a digital world.

To quote their own website:

“Creativity from Insight

Consumer engagement. Conversion. Advocacy. A full house in buzzword bingo – but they’re what our clients come to us for.

We’re a digital creative agency specialising in content marketing, experience design and technology, underpinned by strategic planning. We’re all about big ideas without a big attitude, so you’ll get to know the people creating the work that gets your audience talking.

Why not stop by and say hello?”

Originally published on the IIA website

Bock The Robber had an amusing take on the whole farce:

At first glance it appears that the cat did most of the work, and a very well paid cat he is indeed, while Hugo did most of the talking. But what a talker Hugo is, persuading the Tourism Ireland management that a website should cost €2.5 million to design and build.

How appropriate for this pantomime.

Hugo and Cat

Let’s say the cat is on a hundred grand a year, which is good money by any standards in a time of austerity, especially when all you need to survive is the odd fish-bone. This means that the moggy needed to spend 25 years working on the project, which, you’ll agree, uses up several of his lives.

Two and a half million buckaroonies for a website isn’t chickenfeed. but hold on. A man like Hugo would have no ordinary cat. Any feline in his world would be the very cream of cat programmers, so let’s say he’s on a grand a day, because he’s worth it. That means he spent 2,500 days developing this website. Giving him weekends off to prowl the rooftops flashing the dosh at the lady cats — Loadsamoney!! — he still spent a full ten years on the job. That must be a hell of a website, wouldn’t you think?

Well, yes, you would think so, but you’d be wrong. This is the most confused, ill-functioning website you might ever have seen. It starts nowhere and it goes nowhere. It looks like somebody stole it and crashed it into a wall. If there’s a wrong way to do it, a right way to screw it up, nobody does it like us, and so, in their wisdom, the authorities awarded the contract to a London-based firm, rather than a local developer, even though their tender was not the lowest. Not that there’s anything wrong with a firm simply because it’s based in London, but since there’s no shortage of developers in Ireland, it seems surprising that Tourism Ireland couldn’t find a single one that came within a whisker of Hugo and his feline friend. Nobody was up to scratch.

ireland

Of course, the formidable managerial intellects at Tourism Ireland weren’t satisfied with spending the two and a half million on Hugo’s cat. They also decided that they should buy the domain name ireland.com from the Irish Times for half a million euros.

For some reason, they felt it was better to have an American domain representing Ireland than our own .ie extension.

Why?

I don’t know. This doesn’t seem like a decision based on professional advice, but of course, as usual, I might be wrong. I’d be very interested to hear what professional advice they had when they drew up the request for proposals. Were any web professionals involved in preparing the tender documents? What factors persuaded Tourism Ireland to award the contract to a company whose tender was not the lowest? What personnel prepared the detailed specification ? Did any external consultants assist in completion of the specification? Did any external consultants assist in evaluation of the completed design to ensure compliance with the brief? If so, who did these consultants work for?

So many questions.

One question has finally been answered, of course.

We now know that a cat can most certainly laugh.

Originally published on Bock

Irish Web Design notes that the website does not perform very well on mobile devices and smart phones.

ireland website security

Solutions for Website Security

Irish Web Design are please to announce that they have created a series of packages to provide a high level of security to small to medium business websites.

The packages are designed especially for WordPress based information, blog, news and e-commerce on-line shop websites.

 

barbed wire pattern

 

Irish Web Design described the packages as consisting of the three S’s: Scan, Secure Survey.

The website security measures involve scanning the websites for issues, securing the site and finally setting up a surveillance system to monitor the website in the longer term.

It is estimated that hundreds of thousands of websites around the globe that are running the WordPress software have been infected by malicious software.

Some of the software infects the computers of visitors, who may find a realistic looking ‘Anti Virus Scanner’ pop up on their computer.

The owner is informed that his machine is infected and this software will remove the threats and provide on-going security.

This ‘peace of mind’ only costs a very modest amount, typically $10 to $20.

This is a scam, the programme is not real.

What the criminals who are behind the scam want are your credit or debit card details.

They may wait a long time before they use the information gained to empty your account of funds.

There are many variation on these scams, including straightforward blackmail: you want your site back, you will pay.

Irish Web Design have researched the issue and designed a solution to ensure that website owners can sleep at night.

While there can never be an absolute guarantee as situations can change very rapidly the system is designed to provide alerts to any suspicious activity.

Contact Irish Web Design if you want your website audited and secured.

 

 

 

 

 

 

Solutions for Website Security

Visit Us On TwitterVisit Us On FacebookCheck Our Feed